Stack Buffer Overflow in Zabbix Server/Proxy Code
CVE-2024-36468

3LOW

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 27 November 2024

What is CVE-2024-36468?

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.

Affected Version(s)

Zabbix 7.0.0 <= 7.0.2rc1

References

https://support.zabbix.com/browse/ZBX-25621

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2024

Credit

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform